Re: CAC screen locking/unlocking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Allshouse, Brian M CTR NSWCDD XDT wrote:

Bob,

	Thanks for the reply, unfortunately though I'm trying to do this
with KDE, is there a solution for kscreensaver? And if not can you run the
gnome-screensaver when using the KDE desktop? (I've never tried) I'm trying
to do this for users desktop systems and everyone here uses KDE. Thanks.
OK a lot of non-answers below in the hopes that some of the rambling would be useful.
gnome-screensaver versus kscreensaver: I'm told that mixing desktop applications happens all the time. The different apps have different look an feel, and each set of desktop apps are designed to work together and share things like configuration information, so running a kde app under gnome is really know different than running a generic X application under one of the desktops. The biggest issue with running gnome-screensaver will likely be getting it configured.
You can use pkcs11_eventmgr with kscreensaver if kscreensaver has a programmatic way of triggering the 'prompt for pin' event.
lockhelper.sh was designed to use xscreensaver so that you run pkcs11_eventmgr once on your system as root and it can access X even when the existing user was running. You can dispense with it if you run pkcs11_eventmgr as the logged in user. lockhelper used the gdm's X credentials, so you would need to modify it for KDE. Here are the guts: 

DISPLAY=:0
export DISPLAY
XAUTHORITY=/var/gdm/${DISPLAY}.Xauth
export XAUTHORITY
{run your favorite screensaver}

bob




Sincerely,

Brian M. Allshouse
Network Operations - XDT
Bowhead Information Technology Services
brian.allshouse.ctr@xxxxxxxx

-----Original Message-----
From: Bob Relyea [mailto:rrelyea@xxxxxxxxxx] Sent: Wednesday, December 13, 2006 18:53 
To: Allshouse, Brian M CTR NSWCDD XDT
Cc: coolkey-devel@xxxxxxxxxx
Subject: Re:  CAC screen locking/unlocking
Allshouse, Brian M CTR NSWCDD XDT wrote: 

	I was referred to this list by Rob Crittenden and was hoping someone
could help me out. I've been doing some CAC testing in FC6 and was trying to
get screen locking/unlocking to work with a DoD CAC using coolkey,
pam_pkcs11, etc. and I notice in the "/etc/pam_pkcs11/pkcs11_eventmgr.conf"
file there's a script listed in there that's supposed to lock the screen on
card removal and unlock the screen on card insertion (w/pin I assume). The
script is called "lockhelper.sh" and should be in the "/etc/pki" directory,
but it doesn't exist, I even tried installing the whole distribution in
hopes I would find it. Does anyone have any clue as to what's going on
there? Any advice to make that work would be helpful, thanks.

Hi Brian,

In FC-6 we put the token removal detection directly into gnome-screensaver,
so pk11_eventmgr no longer needs to run. You can turn on screen locking and
unlocking from that authconfig UI (System->Administration->Authentication).

bob
Sincerely, Brian M. Allshouse Network Operations - XDT Bowhead Information Technology Services brian.allshouse.ctr@xxxxxxxx 
	
________________________________


	_______________________________________________
	Coolkey-devel mailing list
	Coolkey-devel@xxxxxxxxxx
	https://www.redhat.com/mailman/listinfo/coolkey-devel

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux